The Target breach points out some facts of life on the Web: We’re all targets (pun intended) of cyber thieves.
Fortunately, there are steps we can take to protect ourselves. Here’s how to protect yourself from the next big breach.
I am a target. I shop online, I shop in large department stores, and I regularly use credit and debit cards. Shopping at large stores that process thousands of sales daily makes me even more of a target, because my transaction information (name, account number, etc.) gets combined with that of all other shoppers. And I became a potential victim when I shopped at Target this past Christmas shopping season.
These days, every time I swipe my credit card on a point-of-sale system, I think to myself: “Is this vendor doing all they can to keep me safe?” Retail companies believe they are, claiming that by following the Payment Card Industry (PCI) standards, they’re doing all they can to keep customer credit-card information safe. But I’m not convinced — especially in the U.S. European credit cards are considered more difficult to hack because they use an onboard security chip rather than the magnetic stripe common on U.S. cards.
Malware designed to attack point-of-sale systems
Many ATMs and point-of-sale (POS) systems use a version of Windows called Windows Embedded. Built on Windows XP, Windows 7, or Windows 8, this specialized software is designed to have a small footprint and allow limited rights. Unlike other Windows versions, Windows Embedded has write filters that let only administrators write to the system’s RAM or C: drive.
I use Win7-based Windows Embedded on specific workstations in my office. It lets only authorized users sign in to a server. These workstations’ only function is to support the I/O functions of a keyboard, a mouse, two monitors, and a printer. The server — a much more powerful computing device than a typical desktop PC — handles all the real processing.
Windows 7 Embedded was released in July 2010. But Windows XP Professional for Embedded Systems dates back to Dec. 31, 2001 — and will be supported by Microsoft until the end of 2016, as noted on a Microsoft Product Lifecycles page. (In contrast, support for desktop versions of Windows XP ends in less than three months.)